Threats Tagged 'ghsa-c875-h985-hvrc'
View all threats tagged with 'ghsa-c875-h985-hvrc'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ghsa-c875-h985-hvrc'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-c875-h985-hvrc: Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service 0 Scriban versions prior to 7.0.0 have a vulnerability where the LoopLimit setting does not apply to expensive iterations performed inside built-in operations and operators. This allows an attacker to craft templates that cause excessive CPU or memory consumption, bypassing the intended loop iteration limits. For example, expressions like {{ 1..1000000 | array.size }} can force large CPU work despite a low LoopLimit. Similarly, string multiplication can cause large memory allocations. This uncontrolled resource consumption can lead to denial of service in applications that process untrusted templates using Scriban. Join the discussion | GCVE Database | 03/24/2026, 22:13:08 UTC Added: 07/06/2026, 23:04:02 UTC |
Showing 1 to 1 of 1 result